General
Target: 57175fa35ac08e8e169ec8082748b2f377f3b5f4b7065dc907dd9ee150398afd
Size: 104KB
Sample: 220725-a4ervsgaam
MD5: 855b19d8c6791b0d53c03603b3542fd0
SHA1: bd7fc4630317287fdad539a50a718fe2c3ff5b4c
SHA256: 57175fa35ac08e8e169ec8082748b2f377f3b5f4b7065dc907dd9ee150398afd
SHA512: 441f20520328fa83ac3aa3b7a8c4a1260f23ba694f5c29f5cc17204d7ed1cdf3a9ad5dfe07f6635611f91f60bf294e0927059433d1dc5b87bc04486916bfb48a
Behavioral task: behavioral1
Sample: 57175fa35ac08e8e169ec8082748b2f377f3b5f4b7065dc907dd9ee150398afd.exe
Resource: win7-20220718-en
Malware Config
Extracted: lokibot
http://www.agricomimpex.com/aspnet_client/system_web/fix/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles